The `elliptic` package has been updated to v6.5.4 to address a security
advisory regarding a vulnerability in v6.5.3. We are not affected by
this vulnerability to the best of our knowledge. This is just to stay
on the safe side, and fix our audit check.
In #10510 we changed how tokens are stored, keying them by `chainId`
rather than network type. However we didn't update our mobile sync
function to account for this, which ended up breaking the filtering
logic used to prepare the data that is synced.
Specifically, custom tokens added by users are filtered out to just
those that are confirmed to be ERC20 tokens in our built-in list of
tokens. This filters out unrecognized tokens and NFTs.
The filtering logic has been restored to the pre-#10510 behaviour.
* origin/develop:
Updating references to MetaMask support (#10563)
Remove dead code related to the selectedFromToken variable in swaps/index.js (#10570)
make lavamoat optional for dev mode (#10538)
Adding a warning when sending a token to its own contract address (#10546)
handle undefined network (#10560)
cache balances by chain id (#10545)
Fix/handle safe low undefined (#10561)
Remove unused `hasHexData` prop (#10529)
Resolving pull-ws to v3.3.2 (#10543)
Sync `master` with `develop` (#10540)
Warnings were not shown on the Add Recipient page of the send flow. Now
any send warnings will be shown. This can be tested using an ENS name
with a confusable character in it (the confusable character warning
will be shown).
A condition was also removed that prevented any warnings or errors from
rendering when the user had non-zero contacts or recent addresses. I
have no idea why you'd want to hide warnings or errors if the user had
no contacts or recent addresses. None of these errors even pertain to
contacts or recent addresses.
* Add warning system for 'confusable' ENS names (#9129)
Uses unicode.org's TR39 confusables.txt to display a warning when
'confusable' unicode points are detected.
Currently only the `AddRecipient` component has been updated, but the new
`Confusable` component could be used elsewhere
The new `unicode-confusables` dependency adds close to 100KB to the
bundle size, and around 30KB when gzipped.
Adds 'tag' prop to the tooltop-v2 component
Use $Red-500 for confusable ens warning
Lint Tooltip component
Update copy for confusing ENS domain warning.
* Fix prop type
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* fixed message text overflow
* reverted and removed mesage title inside message--root
* fixed margin problem in sign message
* removed dead css
* fixed large left padding on data signing
The CI script to ensure no LavaMoat policy changes are required has
been failing despite there being no changes. It turns out that the
command used to check for changes (`git diff-index`) was failing
despite the lack of changes because the file was written again by
`yarn lavamoat:auto` but git hadn't gotten around to updating its index
since the write occurred, so it was considering it as changed until it
verified it wasn't [1].
The command has been replaced by `git diff --exit-code --quiet`, which
should do exactly the same thing except that it forces git to update
its internal cache to verify whether changes are present.
[1]: https://stackoverflow.com/questions/34807971/why-does-git-diff-index-head-result-change-for-touched-files-after-git-diff-or-g
This script was accidentally broken in #10499, which added the `.sh`
file extension to all Bash scripts. I forgot to update the
`ganache:start` script to use the new file extension.
The contributor documentation in the README has been improved in
various ways:
* There is now a dedicated section for development builds under
'Contributing', rather than this being under 'Building locally'
* Additional unit test and linting commands have been documented
* Instructions for running e2e tests have been added
* Instructions on how to handle dependency changes have been added,
to accommodate recent changes relating to `allow-scripts` and
`LavaMoat`.
A CI job has been added to ensure the `allow-scripts` config and the
LavaMoat auto-generated policy is up-to-date. This will only run on
release branches and the `master` branch, because it's too difficult a
requirement to meet for each PR for contributors on macOS, due to
differences in the dependency graph caused by optional dependencies.
The `allow-scripts` and LavaMoat policy have both been updated using
`yarn allow-scripts auto` and `yarn lavamoat:auto`.
The source map explorer script will now use `yarn` instead of `npx` to
create the visualizations, to ensure that it's using the exact version
of `source-map-explorer` that we have in our dependencies.
The standard set of Bash flags have been set as well, and the standard
Bash shebang we use. This ensures the script will fail if an error is
encountered.
